[ol10_baseos_latest] crypto-policies-scripts-20250905-2.gitc7eb7b2.el10_1.noarch

Name:	crypto-policies-scripts
Version:	20250905
Release:	2.gitc7eb7b2.el10_1
Architecture:	noarch
Group:	Unspecified
Size:	383115
License:	LGPL-2.1-or-later
RPM:	crypto-policies-scripts-20250905-2.gitc7eb7b2.el10_1.noarch.rpm
Source RPM:	crypto-policies-20250905-2.gitc7eb7b2.el10_1.src.rpm
Build Date:	Tue Oct 21 2025
Build Host:	build-ol10-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://gitlab.com/redhat-crypto/fedora-crypto-policies
Summary:	Tool to switch between crypto policies
Description:	This package provides a tool update-crypto-policies, which applies the policies provided by the crypto-policies package. These can be either the pre-built policies from the base package or custom policies defined in simple policy definition files.

Changelog (Show File list) (Show related packages)

Thu Sep 25 2025 Clemens Lang <cllang@redhat.com> - 20250905-2.gitc7eb7b2

- add Obsoletes: crypto-policies-pq-preview to ease transition
  Resolves: RHEL-113008

Fri Sep 05 2025 Alexander Sosedkin <asosedkin@redhat.com> - 20250905-1.gitc7eb7b2

- rpm-sequoia: enable MLDSA65-ED25519 and MLDSA87-ED448 in all policies
- rpm-sequoia: force enable all PQ algorithms for now

Mon Aug 04 2025 Alexander Sosedkin <asosedkin@redhat.com> - 20250804-1.git2ca4115
```
- nss: enable mlkem1024secp384r1, rename mlkem768secp256r1
- nss: enable ML-DSA
```

Mon Jul 14 2025 Alexander Sosedkin <asosedkin@redhat.com> - 20250714-1.git95bf40e

-  sequoia: add sha3, x25519, ed25519, x448, ed448, but not for rpm-sequoia
-  sequoia, rpm-sequoia: use ignore_invalid with sha3, x25519, ...
-  sequoia: Add PQC algorithm
-  sequoia: Do not include EdDSA in FIPS policy
-  sequoia: Generate AEAD policy
-  openssl: send one PQ and one classic key_share; prioritize PQ groups
-  FIPS: deprioritize X25519-MLKEM768 over P256-MLKEM768 for openssl...
-  python, policies, tests: alias X25519-MLKEM768 to MLKEM768-X25519
-  gnutls: enable ML-DSA, for both secure-sig and secure-sig-for-cert

Mon Jun 02 2025 Alexander Sosedkin <asosedkin@redhat.com> - 20250602-1.gita6d4d0c

- openssl: fix mistakes in integrity-only cipher definitions
- FIPS: enable hybrid ML-KEM (TLS only) and pure ML-DSA
- AD-SUPPORT-LEGACY: resurrect subpolicy as present in RHEL-9

Sat Apr 26 2025 Alexander Sosedkin <asosedkin@redhat.com> - 20250424-2.git9267dee

- add Provides: crypto-policies-pq-preview to ease transition
- require openssl 3.5 outright

Thu Apr 24 2025 Alexander Sosedkin <asosedkin@redhat.com> - 20250424-1.git9267dee

- LEGACY/DEFAULT/FUTURE: enable hybrid ML-KEM and pure ML-DSA
- drop crypto-policies-pq-preview subpackage, TEST-PQ goes into main one
- NO-PQ: introduce
- openssl: fix enabling integrity-only ciphersuites (still need min_rsa_size=0)

Tue Apr 22 2025 Alexander Sosedkin <asosedkin@redhat.com> - 20250404-4.gitca0e9a5

- Fix accidental turning of oqsprovider BuildRequires into Requires
- Drop requires on liboqs

Wed Apr 16 2025 Alexander Sosedkin <asosedkin@redhat.com> - 20250404-3.gitca0e9a5
```
- Relax dependency on oqsprovider, also allowing openssl 3.5 instead
```
Mon Apr 07 2025 Alexander Sosedkin <asosedkin@redhat.com> - 20250404-2.gitca0e9a5
```
- Add a build dependency on oqsprovider as openssh config check is now fussy
```